09-05-2018 01:29 PM
My company utilizes a traditional MPLS infrastructure where all remote locations go through our main data center to get to the internet. We have CenturyLink as our provider, and if remote locations need to communicate with each other, CenturyLink has a full mesh in the cloud so that remote-site-to-remote-site traffic doesn't need to hairpin to our data center. In theory it's a direct connection. My question is this...
Some of our sites have 2 CenturyLink circuits going into 2 of our CPE routers. At those sites we may have a route-map/prepend statement applied to our CenturyLink BGP neighbor on only one circuit so that traffic going to those sites gets evenly load balanced across both circuits. I am looking at one configuration in particular where we are prepending our own local AS number on a local subnet 3 times in the outbound direction. But the problem is that when I look at our main data center MPLS router I do not see that subnet with a longer AS path. I am also looking on the routers at other remote sites and do not see an AS path for the subnet in question that is longer than 2 ASes. I also looked at other prependings and I don't see longer paths for those subnets either. Is the CenturyLink neighbor router the only router that would see this? Is this normal? Am I missing something?
09-05-2018 02:36 PM
Hello Hawk,
Do you actually see both BGP NLRI on the DC routers or just one?
Could it be that you are using the same AS in the DC and branches combined with "neighbor allowas-in"?
If that's the case you might need to allow the AS a few more times in order to get the prefix allowed.
Cheers,
ADP
09-05-2018 04:01 PM
09-05-2018 11:32 PM
Hello,
If all the CEs are in a different AS, forget about the "neighbor allowas-in". My other question was how many NLRI for the same prefix are you actually receiving from the PE? Maybe your provider is sending you only one path (the best), so you are not getting the prepended one. Just to test this, try to prepend the prefix from both CEs and see if you get the expected result on the DC routers.
ADP
09-05-2018 05:55 PM
Hi Hawk,
Does your branch site have a private AS (64512 – 65535), and are you prepending the same?
CenturyLink may be removing it using "remove private-as".
Regards
Ashish
09-05-2018 07:30 PM
09-05-2018 07:52 PM
The "remove private-as" configuration is done on the provider side (CenturyLink) public peering. This explains why you don't see the private AS prepended in the prefixes received at the other branches.
Take a look at the following for more details.
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13756-32.html
Regards
Ashish
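A simplified model of the behaviour described in the reply above, added here as an example and not part of any post in the thread: it shows why a prepended private AS can look identical to the unprepended path at a remote site. The provider ASN 64500, the site ASNs 65001 and 64496, and all function names are constructed; the stripping rule modelled (strip only when the path is entirely private) is an assumption about the provider's configuration.

```python
# Simplified model (an assumption, not vendor code) of classic "remove-private-as"
# handling on a provider edge router, applied to a prepended AS path.
PRIVATE_ASNS = range(64512, 65535)   # 16-bit private-use ASNs, 64512-65534 (RFC 6996)
PROVIDER_AS = 64500                  # constructed: documentation ASN standing in for the carrier


def ce_advertise(local_as, prepend_count=0):
    """AS path as the CE sends it: its own AS, plus any route-map prepends."""
    return [local_as] * (1 + prepend_count)


def pe_export(as_path, remove_private_as):
    """AS path as the egress PE sends it to the remote CE.

    Classic behaviour modelled here: private ASNs are stripped only when the
    path consists entirely of private ASNs; a path with a public ASN is left alone.
    """
    if remove_private_as and all(asn in PRIVATE_ASNS for asn in as_path):
        as_path = []
    return [PROVIDER_AS] + as_path   # eBGP export prepends the provider's AS


def compare_circuits(site_as, prepend_count, remove_private_as):
    """Return the paths a remote site sees for the plain and prepended circuits."""
    plain = pe_export(ce_advertise(site_as), remove_private_as)
    prepended = pe_export(ce_advertise(site_as, prepend_count), remove_private_as)
    return plain, prepended


if __name__ == "__main__":
    cases = [  # constructed sample cases; 64496 stands in for a public ASN
        ("private AS, provider strips", 65001, True),
        ("private AS, provider does not strip", 65001, False),
        ("public AS, provider strips", 64496, True),
    ]
    for label, site_as, strip in cases:
        plain, prepended = compare_circuits(site_as, 3, strip)
        verdict = "prepend lost" if plain == prepended else "prepend visible"
        print(f"{label}: plain={plain} prepended={prepended} -> {verdict}")
```
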
09-12-2018 02:31 AM
Hi Hawk,
If CenturyLink does "remove private-as", then the routes received at your data center will NOT include the private AS (local site) in the AS path.
You can check it